Is your disaster recovery plan good enough?

Jill Yaoz, the CEO of AFCOM, a non-partisan association for datacenter management with more than 4,500 members worldwide, has recently written an article for Forbes’ CIO Central blog that mentioned some rather shocking statistics about the state of datacenter disaster recovery planning. Apparently, AFCOM had surveyed its members and came up with these startling results:

More than 15% of datacenters still do not have a plan for business continuity or disaster recovery.

Fifty percent of datacenters have no plan to replace damaged equipment after a disaster.

Two-thirds of datacenters still do not have a plan or procedures in place to deal with cybercrime.

Given the rise of new cybercrime threats (see Operation Ghost Click) to datacenters and computer users alike along with increasingly violent natural disasters (e.g. Hurricane Irene and the earthquake that recently hit the eastern half of the USA), it comes as a surprise that so many datacenters are not prepared with a disaster recovery plan.

Jill then went on to write about how important it is to have an adequate disaster recovery plan that actually takes into account how critical infrastructure and systems would be replaced if they are damaged in a disaster. And while this may sound easy to consider, Jill also noted that many organizations and their datacenters have been building upon their existing IT infrastructure on an ad hoc basis using different vendors and equipment for many years. This means that fixing any mess in the even of a disaster will require detailed plans as well as consideration of how a big disaster might impact a vendor and hence replacement and installation lead times.

Likewise, virtualization, cloud computing and the rise of social networking sites (and their usage at work) has also complicated datacenter security. In other words, there are more potential holes for cybercriminals to exploit and potentially target your datacenter and its data.

In other words and if you don’t have a disaster recovery plan that takes into consideration how critical infrastructure will be replaced along with the threat posed by cybercriminals, its time to go back to the planning board while there is still time.